During a vulnerability scan the vulnerability CVE-2025-68161 via Apache was detected based on file versions.

The affected file is reported to be:

C:\Users\<USER>\.eclipse\com.ca.harvest.workbench.workbenchProduct_14.5.0.45_XXXXXXXXXX_win32_win32_x86_64\configuration\org.eclipse.osgi\4\0\.cp\log4j-core-2.17.2.jar

Harvest 14.5.x

Note that vulnerability scanners flag vulnerabilities based on file versions only and not specific functionalities.

It is possible that a vulnerability can be found in a file but the product may not use the vulnerable functionality.

For this vulnerability, Harvest is NOT AFFECTED.

The Socket Appender component is not configured or used in Harvest

Harvest utilizes local console logging only and as a result there is no remote log transmission

The vulnerable code path is never executed in Harvest

Based on these details, this vulnerability can be safely ignored